diff --git a/src/freedombone-adduser b/src/freedombone-adduser
index 12c5f522ecd6948ab6d77c7ccf4a6798a001008d..3a2f8a156b7edf5d0481af9d1c934b0c91edd445 100755
--- a/src/freedombone-adduser
+++ b/src/freedombone-adduser
@@ -185,20 +185,6 @@ fi
 gpg_agent_setup "$ADD_USERNAME"
-# add a monkeysphere subkey
-#echo $'Adding monkeysphere subkey'
-#su -c "monkeysphere gen-subkey" - $ADD_USERNAME
-#echo $'Adding monkeysphere subkey to ssh-agent'
-#su -c "monkeysphere s" - $ADD_USERNAME
-# add authorized GPG email address
-#mkdir /home/$ADD_USERNAME/.monkeysphere
-#chmod 755 /home/$ADD_USERNAME/.monkeysphere
-#echo "$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>" > /home/$ADD_USERNAME/.monkeysphere/authorized_user_ids
-#chmod 644 /home/$ADD_USERNAME/.monkeysphere/authorized_user_ids
-#chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.monkeysphere
-#echo $'Updating monkeysphere users'
-#monkeysphere-authentication update-users
-
 if [ -f "/home/$ADD_USERNAME/.muttrc" ]; then
 # encrypt outgoing mail to the "sent" folder
 if ! grep -q "pgp_encrypt_only_command" "/home/$ADD_USERNAME/.muttrc"; then
diff --git a/src/freedombone-controlpanel-user b/src/freedombone-controlpanel-user
index 032c8f8fc9ef52cb1ee8cec58adec4117a00fd82..436744fcfeedde49c07b3bc7459a0ba089f777cb 100755
--- a/src/freedombone-controlpanel-user
+++ b/src/freedombone-controlpanel-user
@@ -728,21 +728,6 @@ function menu_admin {
 sudo /usr/local/bin/control
 }
-function sign_keys {
- if [ ! -f "/home/$USER/.monkeysphere/server_keys" ]; then
- return
- fi
-
- dialog --title $"Monkeysphere sign server keys" \
- --backtitle $"Freedombone Security Configuration" \
- --defaultno \
- --yesno $"\\nMonkeysphere has been enabled and you will need to sign and trust the server keys. Do you want to do that now?" 8 60
- sel=$?
- case $sel in
- 0) "${PROJECT_NAME}-sec" --sign yes;;
- esac
-}
-
 function menu_run_client_app {
 detect_installable_apps
@@ -855,7 +840,6 @@ function menu_top_level {
 done
 }
-sign_keys
 gpg_agent_enable "$USER"
 menu_top_level
 clear
diff --git a/src/freedombone-image-customise b/src/freedombone-image-customise
index ac885889db6a36afc20f8983ea0f6210d934de1e..d6442bbbdddf2a6a6973cc6d883b320808de3beb 100755
--- a/src/freedombone-image-customise
+++ b/src/freedombone-image-customise
@@ -1890,10 +1890,6 @@ image_setup_utils() {
 # shellcheck disable=SC2086
 chroot "$rootdir" $INSTALL_PACKAGES duplicity gnupg
- # monkeysphere
- # shellcheck disable=SC2086
- #chroot "$rootdir" $INSTALL_PACKAGES monkeysphere msva-perl
-
 # encrypting email
 # shellcheck disable=SC2086
 chroot "$rootdir" $INSTALL_PACKAGES libmail-gnupg-perl
diff --git a/src/freedombone-sec b/src/freedombone-sec
index 1cc0805941fa6a62c1a34e00a77dbfa84f1ee723..a4693c670acb701a86adb9b26800caccb1ae1165 100755
--- a/src/freedombone-sec
+++ b/src/freedombone-sec
@@ -580,20 +580,6 @@ function interactive_setup {
 clear
 }
-function send_monkeysphere_server_keys_to_users {
- monkeysphere_server_keys=$(monkeysphere-host show-key | grep $"OpenPGP fingerprint" | awk -F ' ' '{print $3}')
- for d in /home/*/ ; do
- USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
- if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
- if [ ! -d "/home/$USERNAME/.monkeysphere" ]; then
- mkdir "/home/$USERNAME/.monkeysphere"
- fi
- echo "$monkeysphere_server_keys" > "/home/$USERNAME/.monkeysphere/server_keys"
- chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.monkeysphere"
- fi
- done
-}
-
 function regenerate_ssh_host_keys {
 rm -f /etc/ssh/ssh_host_*
 dpkg-reconfigure openssh-server
@@ -602,15 +588,6 @@ function regenerate_ssh_host_keys {
 awk '$5 > 2000' /etc/ssh/moduli > ~/moduli
 mv ~/moduli /etc/ssh/moduli
 echo $'ssh small moduli removed'
- # update monkeysphere
- DEFAULT_DOMAIN_NAME=
- read_config_param "DEFAULT_DOMAIN_NAME"
- monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key "ssh://$DEFAULT_DOMAIN_NAME"
- SSH_ONION_HOSTNAME=$(grep 'ssh onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
- monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key "ssh://$SSH_ONION_HOSTNAME"
- monkeysphere-host publish-key
- send_monkeysphere_server_keys_to_users
- echo $'updated monkeysphere ssh host key'
 systemctl restart ssh
 }
@@ -888,103 +865,6 @@ function update_ciphersuite {
 exit 0
 }
-function enable_monkeysphere {
- monkey=
- dialog --title $"GPG based authentication" \
- --backtitle $"Freedombone Security Configuration" \
- --defaultno \
- --yesno $"\\nEnable GPG based authentication with monkeysphere ?" 7 60
- sel=$?
- case $sel in
- 0) monkey='yes';;
- 255) exit 0;;
- esac
-
- if [ $monkey ]; then
- read_config_param "MY_USERNAME"
-
- if [ ! -f /home/$MY_USERNAME/.monkeysphere/authorized_user_ids ]; then
- dialog --title $"GPG based authentication" \
- --msgbox $"$MY_USERNAME does not currently have any ids within ~/.monkeysphere/authorized_user_ids" 6 40
- exit 0
- fi
-
- MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$HOSTNAME")
- if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
- echo $"monkeysphere unable to get GPG key ID for user $MY_USERNAME@$HOSTNAME"
- exit 52
- fi
-
- sed -i 's|#AuthorizedKeysFile|AuthorizedKeysFile|g' /etc/ssh/sshd_config
- sed -i 's|AuthorizedKeysFile.*|AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u|g' /etc/ssh/sshd_config
- monkeysphere-authentication update-users
-
- # The admin user is the identity certifier
- fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
- monkeysphere-authentication add-identity-certifier "$fpr"
- monkeysphere-host publish-key
- send_monkeysphere_server_keys_to_users
- else
- sed -i 's|#AuthorizedKeysFile|AuthorizedKeysFile|g' /etc/ssh/sshd_config
- sed -i 's|AuthorizedKeysFile.*|AuthorizedKeysFile %h/.ssh/authorized_keys|g' /etc/ssh/sshd_config
- fi
-
- systemctl restart ssh
-
- if [ $monkey ]; then
- dialog --title $"GPG based authentication" \
- --msgbox $"GPG based authentication was enabled" 6 40
- else
- dialog --title $"GPG based authentication" \
- --msgbox $"GPG based authentication was disabled" 6 40
- fi
- exit 0
-}
-
-function register_website {
- domain="$1"
-
- if [[ ${domain} == *".local" ]]; then
- echo $"Can't 
register local domains"
- return
- fi
-
- if [ ! -f "/etc/ssl/private/${domain}.key" ]; then
- echo $"No SSL/TLS private key found for ${domain}"
- return
- fi
-
- if [ ! -f "/etc/nginx/sites-available/${domain}" ]; then
- echo $"No virtual host found for ${domain}"
- return
- fi
-
- monkeysphere-host import-key "/etc/ssl/private/${domain}.key" "https://${domain}"
- monkeysphere-host publish-key
- echo "0"
-}
-
-function register_website_interactive {
- data=$(mktemp 2>/dev/null)
- dialog --title $"Register a website with monkeysphere" \
- --backtitle $"Freedombone Security Settings" \
- --inputbox $"Enter the website domain name (without https://)" 8 60 2>"$data"
- sel=$?
- case $sel in
- 0)
- domain=$(<"$data")
- if ! register_website "$domain"; then
- dialog --title $"Register a website with monkeysphere" \
- --msgbox "$?" 6 40
- else
- dialog --title $"Register a website with monkeysphere" \
- --msgbox $"$domain has been registered" 6 40
- fi
- ;;
- esac
- rm -f "$data"
-}
-
 function pin_all_tls_certs {
 ${PROJECT_NAME}-pin-cert all
 }
@@ -1518,32 +1398,6 @@ function refresh_gpg_keys {
 exit 0
 }
-function monkeysphere_sign_server_keys {
- server_keys_file=/home/$USER/.monkeysphere/server_keys
- if [ ! -f "$server_keys_file" ]; then
- exit 0
- fi
-
- keys_signed=
- while read -r line; do
- echo "$line"
- if [ ${#line} -gt 2 ]; then
- fpr=$(gpg --with-colons --fingerprint "$line" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
- if [ ${#fpr} -gt 2 ]; then
- if torsocks gpg --sign-key "$fpr"; then
- torsocks gpg --update-trustdb
- keys_signed=1
- fi
- fi
- fi
- done <"$server_keys_file"
-
- if [ $keys_signed ]; then
- rm "$server_keys_file"
- fi
- exit 0
-}
-
 function htmly_hash {
 # produces a hash corresponding to a htmly password
 pass="$1"
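Review bot: Nothing in this commit resets `AuthorizedKeysFile` in /etc/ssh/sshd_config, yet the deleted `enable_monkeysphere` was the only code that switched it back to `AuthorizedKeysFile %h/.ssh/authorized_keys`. On a host where that option had been taken, sshd keeps reading `/var/lib/monkeysphere/authorized_keys/%u`, a file no remaining code maintains, so newly added `~/.ssh/authorized_keys` entries would silently stop being honoured; whether any such host exists is not visible from the diff. If an upgrade or migration path exists outside this diff, a one-off `sed -i 's|AuthorizedKeysFile.*|AuthorizedKeysFile %h/.ssh/authorized_keys|g' /etc/ssh/sshd_config` followed by `systemctl restart ssh` would close that gap. The leftover `/home/*/.monkeysphere/server_keys` files written by the deleted `send_monkeysphere_server_keys_to_users` are only stale data and could be cleaned up in the same step.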
@@ -1572,8 +1426,6 @@ function show_help {
 echo $' -e --export Export security settings to a file'
 echo $' -i --import Import security settings from a file'
 echo $' -r --refresh Refresh GPG keys for all users'
- echo $' -s --sign Sign monkeysphere server keys'
- echo $' --register [domain] Register a https domain with monkeysphere'
 echo $' -b --htmlyhash [password] Returns the hash of a password for a htmly blog'
 echo ''
 exit 0
@@ -1604,16 +1456,6 @@ do
 shift
 refresh_gpg_keys
 ;;
- # register a website
- --register|--reg|--site)
- shift
- register_website "$1"
- ;;
- # user signs monkeysphere server keys
- -s|--sign)
- shift
- monkeysphere_sign_server_keys
- ;;
 # get a hash of the given htmly password
 -b|--htmlyhash)
 shift